open-xchange-authentication


  • sploenix
    replied
    As nobody replied to my question, I tried to find an alternative way to authenticate my users. I'm now using IMAP authentication, which works very well. The problem now is that I can't use users in the database (like oxadmin), so I now have a working OX with no admin user. Here's the log message:

    INFO: Logged at: com.openexchange.authentication.imap.impl.IMAPAuthentication.handleLoginInfo(IMAPAuthentication.java:354)
    Authentication error on host MY.IMAP.SERVER:993 for user oxadmin
    javax.mail.AuthenticationFailedException: [AUTHENTICATIONFAILED] Authentication failed.
    at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:624)
    at javax.mail.Service.connect(Service.java:291)
    at com.openexchange.authentication.imap.impl.IMAPAuthentication.handleLoginInfo(IMAPAuthentication.java:324)
    at com.openexchange.authentication.service.Authentication.login(Authentication.java:88)
    at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
    at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
    at com.openexchange.ajax.Login.loginOperation(Login.java:919)
    at com.openexchange.ajax.Login.doLogin(Login.java:901)
    at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
    at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
    at com.openexchange.ajax.Login.doGet(Login.java:725)
    at com.openexchange.ajax.Login.doPost(Login.java:858)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
    at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
    at java.lang.Thread.run(Unknown Source)
    The problem is that OX tries to authenticate the oxadmin user against the IMAP server. How can this be changed?



  • sploenix
    replied
    You are right. Right now I am trying to find out which search filter to apply. As I am new to LDAP, I don't know what to add here. I tried the suggestion "searchFilter=(&(objectclass=posixAccount)(uid=*))", which does not work. What is the right syntax for all users in a specific OU in an Active Directory?

    Here's the error from the log:

    SEVERE: Logged at: com.openexchange.authentication.ldap.LDAPAuthentication.bind(LDAPAuthentication.java:272)
    Login failed for dn null:
    com.openexchange.ajp13.remoteAddress=127.0.0.1
    com.openexchange.ajp13.remotePort=54593
    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    at com.openexchange.authentication.ldap.LDAPAuthentication.bind(LDAPAuthentication.java:184)
    at com.openexchange.authentication.ldap.LDAPAuthentication.handleLoginInfo(LDAPAuthentication.java:135)
    at com.openexchange.authentication.service.Authentication.login(Authentication.java:88)
    at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
    at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
    at com.openexchange.ajax.Login.loginOperation(Login.java:919)
    at com.openexchange.ajax.Login.doLogin(Login.java:901)
    at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
    at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
    at com.openexchange.ajax.Login.doGet(Login.java:725)
    at com.openexchange.ajax.Login.doPost(Login.java:858)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
    at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
    at java.lang.Thread.run(Unknown Source)
    Last edited by sploenix; 02-16-2012, 11:53 AM.
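
Added example, not part of any post in this thread and not Open-Xchange code: a small Python triage of the three failure signatures quoted in these posts (the missing searchFilter property, the Active Directory error 49 bind failure, and the unavailable AuthenticationService). The sub-code table is general Active Directory knowledge rather than something stated in the thread, the function and constant names are hypothetical, and the sample lines are the thread's own log excerpts with the forum-inserted spaces removed.

```python
import re

# Active Directory sub-codes from the "data NNN" field of an LDAP error 49
# (general AD knowledge, not taken from the thread).
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}
BIND_DN = re.compile(r"Login failed for dn (.+?):\s*$")
AD_ERR = re.compile(r"LDAP: error code 49 .*AcceptSecurityContext error, data ([0-9a-fA-F]+)")
MISSING = re.compile(r'Start-up of bundle "([^"]+)" failed: .*Missing property (\w+)')
NO_SVC = re.compile(r"required service (\S+) is temporary not available")

def triage(lines):
    """Return (kind, subject, detail) tuples for the failures seen in the thread."""
    findings, dn = [], None
    for line in lines:
        if (m := BIND_DN.search(line)):
            dn = m.group(1)  # remembered for the error line that follows it
        elif (m := AD_ERR.search(line)):
            code = m.group(1).lower()
            detail = AD_SUBCODES.get(code, "unknown sub-code")
            findings.append(("ad-bind-failed", f"dn={dn}", f"data {code}: {detail}"))
            dn = None
        elif (m := MISSING.search(line)):
            findings.append(("bundle-not-started", m.group(1), f"missing property {m.group(2)}"))
        elif (m := NO_SVC.search(line)):
            findings.append(("service-unavailable", m.group(1), "no loaded bundle provides it"))
    return findings

# Sample input: log excerpts quoted in this thread (forum-inserted spaces removed).
SAMPLE = [
    'Start-up of bundle "com.openexchange.authentication.ldap" failed: ???-0009 Category=10 Message=Missing property searchFilter. exceptionID=-2090270552-1',
    "Login failed for dn null:",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]",
    "Caused by: SRV-0001 Category=4 Message=The required service com.openexchange.authentication.AuthenticationService is temporary not available. Please try again later. exceptionID=2032259047-5",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```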



  • Wolfgang Rosenauer
    replied
    Apparently the log tells you that there is no "searchFilter" property set in the configuration file ldapauth.properties?



  • sploenix
    replied
    OK, I've made the next step. Reading this post gave me the right hint: https://forum.open-xchange.com/showt...undle-RESOLVED

    Afterwards I searched the OX log: cat /var/log/open-xchange/open-xchange.log.0 | grep "authentication.ldap"
    and found this error:
    Start-up of bundle "com.openexchange.authentication.ldap" failed: ???-0009 Category=10 Message=Missing property searchFilter. exceptionID=-2090270552-1
    at com.openexchange.authentication.ldap.LDAPAuthentication.init(LDAPAuthentication.java:322)
    at com.openexchange.authentication.ldap.LDAPAuthentication.<init>(LDAPAuthentication.java:122)
    at com.openexchange.authentication.ldap.AuthLDAPActivator.startBundle(AuthLDAPActivator.java:104)
    Bundle "com.openexchange.authentication.ldap" stopped.
    Logging in still does not work... Further investigations will follow tomorrow.



  • sploenix
    replied
    You are right, the LDAP module is not loaded:

    bundlename: com.openexchange.authentication.ldap status: RESOLVED
    This is what the OSGi log tells me:

    !ENTRY org.eclipse.osgi 4 0 2012-02-15 18:02:53.494
    !MESSAGE Bundle com.openexchange.authentication.ldap_6.20.1.0 [2] is not active.
    !SESSION 2012-02-15 22:08:19.572 -----------------------------------------------
    eclipse.buildId=unknown
    java.version=1.6.0_30
    java.vendor=Sun Microsystems Inc.
    BootLoader constants: OS=linux, ARCH=x86, WS=gtk, NL=en_US
    Command-line arguments: -configuration file:/opt/open-xchange/etc/groupware/osgi
    This message doesn't really help me. Maybe you have an idea what's wrong.



  • Wolfgang Rosenauer
    replied
    The required service com.openexchange.authentication.AuthenticationService is temporary not available. Please try again later
    Apparently there is no bundle (correctly) loaded which provides AuthenticationService.
    Please check with listbundles if all bundles are ACTIVE. If not check for other errors (especially also in osgi-admin.log).



  • sploenix
    replied
    OK, synchronization is working now.
    But now I can't get LDAP authentication to work. I set up ldapauth.properties according to my oxldapsync settings.
    Here's the error I get when I try to log in (the username you see here is oxadmin, but I get the same error if I use an AD user):

    INFO: Logged at: com.openexchange.ajax.Login$11.doLogin(Login.java:904)
    Login:oxadmin IP:XXX.XXX.XXX.XXX AuthID:e27f264a-5497-48f6-95f9-d77f9e6d68fc Agent:Mozilla/5.0 (X11; Linux x86_64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 Client:com.openexchange.ox.gui.dhtml(6.20.1 Rev5) Interface:HTTP_JSON Failed.
    Feb 15, 2012 3:24:56 PM com.openexchange.log.internal.LoggerTask call
    SEVERE: Logged at: com.openexchange.ajax.Login.loginOperation(Login.java:944)
    LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=2032259047-6
    com.openexchange.ajp13.remoteAddress=127.0.0.1
    com.openexchange.ajp13.remotePort=51652
    LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=2032259047-6
    at com.openexchange.authentication.exception.LoginExceptionFactory.createException(LoginExceptionFactory.java:76)
    at com.openexchange.authentication.exception.LoginExceptionFactory.createException(LoginExceptionFactory.java:62)
    at com.openexchange.exceptions.Exceptions.create(Exceptions.java:141)
    at com.openexchange.exceptions.Exceptions.create(Exceptions.java:153)
    at com.openexchange.authentication.LoginExceptionCodes.create(LoginExceptionCodes.java:133)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:211)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:128)
    at com.openexchange.ajax.Login$11.doLogin(Login.java:904)
    at com.openexchange.ajax.Login.loginOperation(Login.java:919)
    at com.openexchange.ajax.Login.doLogin(Login.java:901)
    at com.openexchange.ajax.Login$1.handleRequest(Login.java:184)
    at com.openexchange.ajax.Login.doJSONAuth(Login.java:738)
    at com.openexchange.ajax.Login.doGet(Login.java:725)
    at com.openexchange.ajax.Login.doPost(Login.java:858)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:428)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at com.openexchange.ajp13.coyote.AjpProcessor.process(AjpProcessor.java:822)
    at com.openexchange.ajp13.coyote.sockethandler.CoyoteTask.call(CoyoteTask.java:184)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:752)
    at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:781)
    at java.lang.Thread.run(Unknown Source)
    Caused by: SRV-0001 Category=4 Message=The required service com.openexchange.authentication.AuthenticationService is temporary not available. Please try again later. exceptionID=2032259047-5
    at com.openexchange.authentication.service.Authentication.login(Authentication.java:86)
    at com.openexchange.login.internal.LoginPerformer$1.doAuthentication(LoginPerformer.java:130)
    at com.openexchange.login.internal.LoginPerformer.doLogin(LoginPerformer.java:170)
    ... 18 more
    Does anybody have an idea what can be done to fix this error?



  • Wolfgang Rosenauer
    replied
    No, the authentication method is not dependent on it.
    User provisioning as done with oxldapsync is disconnected from authentication.
    So it's still possible to authenticate against IMAP for example as long as the IMAP server is connected to AD (or at least has the same userids and passwords).



  • sploenix
    started a topic open-xchange-authentication

    open-xchange-authentication

    Hi all,

    We want to use oxldapsync to synchronize our OX users with Active Directory. Can this only be done in combination with the package open-xchange-authentication-ldap?

    Regards,
    sploenix